well.. 5:01 is the most important part. If you read WHAT you are opening there you will be just fine. Also, if you have the file in any other directory (in this case) you would not be trapped in a TCP reverse shell would you?
He's making real tutorials and all but he doesn't mention all that stuff on purpose, if you want to learn from him you are going to learn just the base (basically how to be a skid) and then you'll need to check yourself how to bypass all the other sh!t.
@@Suneeh1338 Yeah, he has to do something about it. I mean, what can WE (the avarege viewer) can do about it? It's not like you can make a YT channel and post the real sh!t there because it's gonna get taken down. (NullByte tried that) Maybe making it into some puzzle so that only people that aren't just some "average viewers" can access and that will be outside of YT so it won't promote any illegal activities?
This exploit seems to be just for adobe reader, so you can just use firefox or microsoft edge (which is the default pdf reader on windows) to view the pdf
There’s is few of questions I need to ask you which can a iPhone be used to do ethical hacking using ISH or etc? What about even a Chromebook tablet? Also how can someone get data from the air? Also forgot to ask is it possible for someone with ADHD to become one of the best hackers? Currently struggling honestly even trying to make decent living but not giving up hope yet. Thanks I feel like your the best person to answer this honestly and one of my favorite teachers here on UA-cam.
I hope there will be a tutorial of how to detect if something happens to the user like this or a solution to avoid it like setting configuration or something. This makes me aware that not all doc/pdf files is safe. I wonder if this method is also applicable to videos. Like, when opening a video, it is also possible to get hacked.
I love your videos but it would be nice to mention that you will have to first convince the victim to disable windows defender or do it yourself in any way :)
How long does it take to payload generation to complete? It seems for me it takes a very long time or is just looping indefinently both with ubuntu and kali linux
Amazing content . Thts all we can do in virtual environment. How can we get a meterpreter session for a device that is connected to public network i,e the internet.
@@brodierobson4490 I'm guessing you work in education or a consultant or something. I agree that coding is important, but you can be in infosec with out being a strong coder. Obviously some python is important.
Thank you for your video. Can we have more details on the technical part ? A pdf isn't supposed to be able to handle an .exe files. How does the trick work ?
idk, but i think he's showing us an outdated exploit without any notes to gain views, if you look at the video carefully, he was using Adobe Reader 8.1 (Date: June 2007).??? 2007 Seriously???
@@L2002 this is for educational purposes only of course he wont teach stuff that you can exploit you should have common sense if you want to be a real hacker
You're not revealing some codes. Is there any course of yours? In which u have. Taught clearly everything? Because UA-cam have restrictions I can understand that, I have seen many people, teaching ethical hacking, but I want to learn from you , you're experienced, I want to connect with you please reply
It's good to know this stuff but, any script kiddie can do this just as we are learning it or using it as a quick reminder/reference. To be a real hacker takes much more then using someone else tools.
Loi, won't Antivirus programs stop any pdf with an exe or some pdfs with exe attached the Antivirus programs will allow to pass if you crypt it properly with a never before seen crypter? Loi please answer.
@@pervysage4595 Can you tell me the name of one or more pdf encrypters? So what do they do? They will literally encrypt the pdf and the exe and make it look like what type of file to Antivirus programs?
@@mikevinitsky8506 lmao it means script kiddie. someone who uses other ppls stuff to hack and doesn’t write there own. like this backdoor maker. it won’t bypass av
Loi, in this videos we have know the target IP address. How to reconaissance the IP address which the target is in internet such as using smartphone, tablet, etc. Thanks
Nice lecture. But my question is what about if you host your payload on a web host, how do you build with it instead of creating a new payload on Kali. Can you make a video on it?
Not to be bitching, because i really like your video. It's good that you inform the public about these things. Thanks! But a 6 character password you type in at sudo? Unless that's with special chars only (not in rainbow tables) it's pretty darn short.
you are right, he was using Adobe Reader 8.1 (Release Date: June 2007). this is ridiculous, he should have mentioned that the exploit is outdated. 2007?!
i realy like all your video i watch to all your video but how about samething new like pdf attack on android this will be really cool if you can do that and thankes you
@@martinsuperfind7779 i think i figured it out i havent tested but your target has to be in the same exact network. you portfoward your network to avoid this. or host it on ngrok
@@mantavyapurohit1538 i think i figured it out i havent tested but your target has to be in the same exact network. you portfoward your network to avoid this. or host it on ngrok
Hello there i just wanna clarify some things..first does the victim and the hacker should on the same network? Secondly can we do this method on an android? I am kindly waiting for your answer and thank you allot bro your videos are helpful and legit
@@kevinmccallister7647 or just upload the file to google drive and after uploading right click on the uploaded file and click share or get link thats it
Phew that seems easy....and scary... However Adobe "asked"/informed the user that the PDF opened "cmd" (you clicked so fast it was hard t read) and I really hope that any decent antivirus would a the very least stop the attack now, but better when opening the PDF right?
Hi Loi, interssing but is a play for begginer create pdf malicious backdoor....you have explain what we can encode the PDF for AV. advanced tecnic for encoding...the shikata_ga_nai encode and other are old..and all AV detected. Explain some manual mode for encode PDF undetected sure.
Simple, efficient and learning from someone who is HANDSOME😂😂😂.... But while I was experimenting with it I thought if the payload is created where its stored but since I wasn't able to find it. I tried mailing it directly to test but Error popped up saying DisplayName was not mentioned.... Any suggestions..??
The main point is Even if the file has already been loaded onto the device, but not enabled that file Computers will still not have the risk of being controlled,am i correct?
When we sending a pdf document like in the video should we wait on the Kali Linux terminal ? Or we can close our laptop then re-open Kali *imagine* 2 hours after the victim open the doc and will it work?
:)
:)
:D
I want to know that if it is possible to know is pdf okay or not without open it?
Ok sir then,how it'll work for Android
Missing the old intro 😥
Ay yes, now I can send my "Home work" to my teacher.
Yeah "home work"
Yeah "home work"
🤣🤣🤣
Ah yes, you just copied the same comment from Lio lang's malicous pdf video from 3 years ago and also doing this will get you expelled and arrested.
, 😂
This is really scary.. Thank you for spreading such amazing knowledge.
This very old hacking 🙂
But now hackers can do more scary things 🙂
@@rafimr5751 Ohh
@@rafimr5751 like what i really want to know just tell me the names
@@AmanKumar-hy5ck I can mine cryptocurrency on you device 😋
@@AmanKumar-hy5ck for that check my bio 🙂
i love the simplicity of your tutorials, keep going !
My favorite channel! Thank you Loi Liang Yang!
i love this channel, you make things easy
they ARE easy if he uses them on this channel
Best in the game... Fav channel of all time... Much love 🔥🔥🔥
mr loi you are really genius,
love your content and ur way of simplifying the information
@Y K why not?
no
@Y K so just because he does a little easier tutorials, he's a script kiddy?
@Y K Yes, there is. but that's not really the point. You can't just claim that someone is something without knowing anything. Thats just hating ^^
@Y K 7, almost 8
well.. 5:01 is the most important part. If you read WHAT you are opening there you will be just fine. Also, if you have the file in any other directory (in this case) you would not be trapped in a TCP reverse shell would you?
He's making real tutorials and all but he doesn't mention all that stuff on purpose, if you want to learn from him you are going to learn just the base (basically how to be a skid) and then you'll need to check yourself how to bypass all the other sh!t.
@@broz36_ i know bro. but many ppl here are conviced that there is nothing the target can do.
@@Suneeh1338 Yeah, he has to do something about it.
I mean, what can WE (the avarege viewer) can do about it?
It's not like you can make a YT channel and post the real sh!t there because it's gonna get taken down. (NullByte tried that)
Maybe making it into some puzzle so that only people that aren't just some "average viewers" can access and that will be outside of YT so it won't promote any illegal activities?
@@broz36_ exactly.
This exploit seems to be just for adobe reader, so you can just use firefox or microsoft edge (which is the default pdf reader on windows) to view the pdf
I Would Definitely open this file.
In my organization's production server.
RIP✋️💀
Mr. Loi you have amazing brain and amazing way to learn us how we do it, THANK YOU.
you can learn all he says from manual of the programs
@@sbypasser819 where is that manual?
There’s is few of questions I need to ask you which can a iPhone be used to do ethical hacking using ISH or etc? What about even a Chromebook tablet? Also how can someone get data from the air?
Also forgot to ask is it possible for someone with ADHD to become one of the best hackers? Currently struggling honestly even trying to make decent living but not giving up hope yet. Thanks I feel like your the best person to answer this honestly and one of my favorite teachers here on UA-cam.
Its only happen when the firewall and antivirus is disabled right? So keep your firewall and antivirus active and updated.
Well, a virus can add itself to exception and bypass those stuff so who knows. Never safe to completely just trust your anti-virus
@@Motoxrides a virus can not add itself an exception, the user needs to allow that exception xd..so...
@@danawhite7361 you haven ever seen viruses that did that? "The PC Security Channel" talked about such a virus a few years back.
@@TVPInterpolation need admin! user needs to agree
this video is so misleading. he's also using Adobe Reader 8.1, which means June 2007!!!! can you believe that?!
You the best of the best .much love from South Africa
Mr. Loi, i love this channel can you make a full explanation of how to use CVSS in every type of metric, thank you!.
HackerLoi you are my favorite Hacker to watch, you go through things quickly and precisely. Great job man.
Same
Please tell how to stop accessing the pc, like how can i stop accessing my own pc. ik its weird question but at least tell me.
@@zipp5022 If they already opened it that will do nothing.
@@addicted3105 You can go back to a previous version of your machine, assuming you're using windows.
I hope there will be a tutorial of how to detect if something happens to the user like this or a solution to avoid it like setting configuration or something. This makes me aware that not all doc/pdf files is safe. I wonder if this method is also applicable to videos. Like, when opening a video, it is also possible to get hacked.
I'm pretty sure that windows defender will block it
@@SunBlade4302 5:01 in the video.. he just accepts everything and OPENS it.. just read what you open guys :D
don't worry at all, this video is misleading. he was using Adobe Reader 8.1 (Release Date: June 2007). are you kidding me, 2007?
Yup even when opening an image
But its not that easy so not anyone can do it
And to be safe open unknown sources files on vps or rdp
Loi we want tutorials about hacking android phones, because they are the most uesd phones in the space 😁.
Guys hit like to rise up my comment
he will not, he just showed you an outdated exploit, look at the video, he was using Adobe Reader 8.1 (Release Date: June 2007).
@@L2002 the fact that the viewer is outdated says literally nothing about the exploit itself
@@Daniel-yt7ry TYL3R DURD3N
where pdf is stored?
Excellent Mr. Hackerloi. Your the best
Amazing information. Love your videos. Regards from Sweden
I love your videos but it would be nice to mention that you will have to first convince the victim to disable windows defender or do it yourself in any way :)
Is there a work around so that windows defender does not pick it up?
a normal payload can bypass windows defender but for pdf idk
Love you man, and thanks for yet another amazing video.
❤
Oh my boss im Just coming watched u ❤❤❤❤ 😂😂# Edy
when i set the playload how can i know the playload's file location?
and how can i know the email send to the target (demo)
Great man, learning a litle every vídeo....thanks
How long does it take to payload generation to complete? It seems for me it takes a very long time or is just looping indefinently both with ubuntu and kali linux
I thought it was only mine, I've tried several times but it keeps generating with no results for minutes/hour
@@vincentcj7548 yes
Always motivated by your tutorials
Next time I'm sending out CVs for job applications, I'm going to use this XP
🤣🤣🤣
If I use my Android Galaxy S9, rooted & with AFWall+ installed, will opening the pdf-file still be as malicious, as it was shown here?
why you never use obfuscation, in the real world everybody has at least windows defender enabled.
and these payloads are easy to detect.
For those figuring out where the generated pdf is saved, the path is /root/.set
this is just amazing than i expected, i love it
You are great boss. Love from Bangladesh :)
Sir, I don't know the path of the file "HACKERLOI.pdf" you created in the video.where is it....???
Me too i don't know where is the PDF file
I have the same question, someone know where is it?
@@felipearbelaez1360 just make a new document in the desktop and give it a name and embedd the payload inside that, thats it
Create black instead
Old intro was dope. Bring it back please
Amazing content . Thts all we can do in virtual environment. How can we get a meterpreter session for a device that is connected to public network i,e the internet.
5:01 well windows allready warns you about it, so read any pop up showed then click after reading carefully
Would love to hear a good tutorial on obfuscation, AV catches most of the stuff from SE
thats the where you need to learn to code comes in.
@@brodierobson4490 I'm guessing you work in education or a consultant or something. I agree that coding is important, but you can be in infosec with out being a strong coder. Obviously some python is important.
Hackeroli 😂❤️
Handsome hacker indeed👀
Please tell how to stop accessing the pc, like how can i stop accessing my own pc. ik its weird question but at least tell me.
Best Video ❤️, BTW I am First
What i do if i see you in my city
Run away
Just run don't look back
And hide your phone 😂
Like your channel/videos!! Keep it up!! What keyboard do you use? Like the sounds of the typing :)
Can you tell where the file is stored so that I can send that pdf
bruh did you find out
i cant figure it out rip
I am proud to be your first like.
Thank you for your video. Can we have more details on the technical part ?
A pdf isn't supposed to be able to handle an .exe files.
How does the trick work ?
idk, but i think he's showing us an outdated exploit without any notes to gain views, if you look at the video carefully, he was using Adobe Reader 8.1 (Date: June 2007).??? 2007 Seriously???
@@L2002 this is for educational purposes only of course he wont teach stuff that you can exploit you should have common sense if you want to be a real hacker
@@OpenYoureyes304 i know that, but at least he should say if the exploit is outdated or now
Thankyou so much sir for giving us these knowledgeable video
it already gets detected by windows defender ,,,, no use
yeah bro every msfvenom payload gets detected by antivirus gotta find the new way
@@renderset2937 True
@@renderset2937 you can make the metaspliote payload undetected by obfuscation
Do you know where the file is being saved after renaming it. I can't find it bro.
@@Rahul-nw5rp Google it
You're not revealing some codes. Is there any course of yours? In which u have. Taught clearly everything? Because UA-cam have restrictions I can understand that,
I have seen many people, teaching ethical hacking, but I want to learn from you , you're experienced, I want to connect with you please reply
Thanks for teaching us real hacking ❤
thats ethical hacking
It's good to know this stuff but, any script kiddie can do this just as we are learning it or using it as a quick reminder/reference. To be a real hacker takes much more then using someone else tools.
@@SK-me9by to be real hacker you need to enable screen blocking and you need to know the keybinds for opening the system prompt function in hai.dll
Mr Loi your video really helpful
Loi should be protected at all costs!
why? what he says can be learned from text sources
@@sbypasser819 not only that, he was using Adobe Reader 8.1 (Release Date: June 2007), 2007!!!
Excited to see android pdf Exploit 😮
Loi, won't Antivirus programs stop any pdf with an exe or some pdfs with exe attached the Antivirus programs will allow to pass if you crypt it properly with a never before seen crypter? Loi please answer.
there are encrypters for pdf files
@@pervysage4595 Can you tell me the name of one or more pdf encrypters? So what do they do? They will literally encrypt the pdf and the exe and make it look like what type of file to Antivirus programs?
@@mikevinitsky8506 you need to know basics of coding here, u can’t just use skid software abs expect to bypass av
@@edmorris4720 I'm a programmer. What is skid software?
@@mikevinitsky8506 lmao it means script kiddie. someone who uses other ppls stuff to hack and doesn’t write there own. like this backdoor maker. it won’t bypass av
But the pdf file is fishy since it prompts with some suspicious message before opening. How to avoid this?
Loi, in this videos we have know the target IP address. How to reconaissance the IP address which the target is in internet such as using smartphone, tablet, etc. Thanks
Once we get the IP, we can run the nmap command with -O option for OS Detection
how to find the path of the pdf we renamed please i didnt find it on desktop , thanks , and i appreaciate your work
I would guess that this is not a persistent connection, right. Once the windows box is rebooted, the exploit dies unless pdf is opened again.
what is this tutorial for if the pdf is detected by all anti virus
well done loi excellente expérience bonne continuation
infinite message "Waiting for payload generation to complete..." Could you fix that issue??
Nice lecture. But my question is what about if you host your payload on a web host, how do you build with it instead of creating a new payload on Kali. Can you make a video on it?
Can an internet security or an antivirus be able to stop this attack ? Say Kaspersky or Macafee ?
its time to go to more advanced topics. I would like a video on how to create a botnet
Not to be bitching, because i really like your video. It's good that you inform the public about these things. Thanks! But a 6 character password you type in at sudo? Unless that's with special chars only (not in rainbow tables) it's pretty darn short.
Loi pls pls make video on brute forcing ssh, rlogin. Pls make video on Hydra u explain very well
But the pdf payload don’t work on all pdf reader, just old versions who don’t fix the exploit
you are right, he was using Adobe Reader 8.1 (Release Date: June 2007). this is ridiculous, he should have mentioned that the exploit is outdated. 2007?!
Another click bait. None of the guys commenting has tried it out and in order for this to work must be Adobe Reader 8.1. We are in 2022 cmon
i realy like all your video i watch to all your video but how about samething new like pdf attack on android this will be really cool if you can do that and thankes you
3:30....after renaming the pdf file, how can I access it or find it??, so that I can mail it to user.
have you fixed?
@@ahinssu617 no still can't find the file, did you?
same problem, If you have fixed message me please :)
@@martinsuperfind7779 i think i figured it out i havent tested but your target has to be in the same exact network. you portfoward your network to avoid this. or host it on ngrok
@@mantavyapurohit1538 i think i figured it out i havent tested but your target has to be in the same exact network. you portfoward your network to avoid this. or host it on ngrok
I want to know without showing the permission pop up , taking access of CMD is possible or not? I know its possible but how
Full
Complete
Control
Entire
Computer
System
n i c e
Hello there i just wanna clarify some things..first does the victim and the hacker should on the same network?
Secondly can we do this method on an android?
I am kindly waiting for your answer and thank you allot bro your videos are helpful and legit
If you don't have port forwarding turned on they need to be in the same network
@@kevinmccallister7647 got it thanks allot brother
@@kevinmccallister7647 or just upload the file to google drive and after uploading right click on the uploaded file and click share or get link thats it
Did not see where to get the pdf after downloading it
the pdf is saved under /root/.set
wrold cute and intelligent hacker i love your voice and you you are my inspection
this taking so much time for generating payload
is it detectable by windows defender or other antiviruses??
Phew that seems easy....and scary...
However Adobe "asked"/informed the user that the PDF opened "cmd" (you clicked so fast it was hard t read) and I really hope that any decent antivirus would a the very least stop the attack now, but better when opening the PDF
right?
Do you know where the PDF file saved?
Thanks you.
please I have a question
1. if the pdf file was opened on a smartphone it will be controllesd also?
First of all, thank you for the video. I have a question, what if the person closes the pdf? Do we still have access to the victim's device?
yes, you have access to the pc until they shut it down, or disconnect wifi/ethernet
@@fedo9644 Thank you.
@@fedo9644 Did the WiFi connection has to be the same as you are connected??
@@kerhabplays no in meterpreter case its offline attack so no internet needed
I opened up the file but nothing appeared in the terminal
Everytime i get a payload is saves it to a root folder which i cant axcess any fixes?
Can I get rid of the problem by delete it or move to trash bin?
I rickrolled my teacher with this method in the lockdown lmao
run the kali linux hacking os on any phone is no longer available bruh
Intro song changed......😊
Due the issue of sending email Where can i find the new file
And the port forwarding? Unless you do it, it will only work in a LAN...
Hi
can any one tell me where can i find the pdf that i just made.
I dont find it
I HAVE LINUX RUNNING IS A VM, WHERE DO I FIND THE PDF I CREATED??
If a hacker did this would a factory reset remove the problem?
@DDD9216A oh true
Hi Loi, interssing but is a play for begginer create pdf malicious backdoor....you have explain what we can encode the PDF for AV. advanced tecnic for encoding...the shikata_ga_nai encode and other are old..and all AV detected. Explain some manual mode for encode PDF undetected sure.
What is i close my oc after nake pdf and while closing my terget open the file so i get the access?
Where will be the renamed file stored or it just changes the original file name.
Atlast i found where the file is stored
Simple, efficient and learning from someone who is HANDSOME😂😂😂.... But while I was experimenting with it I thought if the payload is created where its stored but since I wasn't able to find it. I tried mailing it directly to test but Error popped up saying DisplayName was not mentioned.... Any suggestions..??
Did you get the solution bro? Pls tell me ok.....
@@technoviraj no bro
The main point is Even if the file has already been loaded onto the device, but not enabled that file Computers will still not have the risk of being controlled,am i correct?
Setoolkit says it's done creating/editing the PDF but there is still no PDF anywhere. Why is this?
When we sending a pdf document like in the video should we wait on the Kali Linux terminal ? Or we can close our laptop then re-open Kali *imagine* 2 hours after the victim open the doc and will it work?
Nice I am going to open that hackerloi right now!!!!